I'm a technology, privacy, and information security reporter and most recently the author of the book This Machine Kills Secrets, a chronicle of the history and future of information leaks, from the Pentagon Papers to WikiLeaks and beyond.
I've covered the hacker beat for Forbes since 2007, with frequent detours into digital miscellanea like switches, servers, supercomputers, search, e-books, online censorship, robots, and China. My favorite stories are the ones where non-fiction resembles science fiction. My favorite sources usually have the word "research" in their titles.
Since I joined Forbes, this job has taken me from an autonomous car race in the California desert all the way to Beijing, where I wrote the first English-language cover story on the Chinese search billionaire Robin Li for Forbes Asia. Black hats, white hats, cyborgs, cyberspies, idiot savants and even CEOs are welcome to email me at agreenberg (at) forbes.com. My PGP public key can be found here.

Bug In Removal Tool For Macs' Flashback Malware Deletes User Settings

Update on Kaspersky’s fix for its Flashback removal tool and Apple’s own disinfection tool below.

Here’s a cure that’s worse than the disease: The antivirus firm Kaspersky is alerting users that a tool it released earlier this week for removing the Flashback malware plaguing more than 650,000 Macs also contains a bug that deletes user settings and in some cases may even lock them out of their machines.

Kaspersky has taken the tool offline until its issues can be worked out. Here’s the statement that a Kaspersky spokesperson just sent me:

Kaspersky Lab has identified an issue with its free Kaspersky Flashfake Removal Tool. In some cases it is possible that the use of the tool could result in erroneous removal of certain user settings including auto-start configurations, user configurations in browsers, and file sharing data.

The Kaspersky Flashfake Removal Tool has been temporarily suspended. The company will release an updated version of the utility with the bug corrected and will send a notification as soon as it’s available.

On Apple’s online support forum, at least two users who ran Kaspersky’s tool complained of being locked out of accounts on their Macs.

“I’m locked out. I used the Kaspersky tool and I can’t login properly,” wrote one user. “I figured out how to login as root user [and] it works fine. Can anybody tell me how to fix my normal account?”

“I just tried the Kaspersky link and I think I’m in trouble. It downloaded just fine, asked for my admin password to install itself, and it ran a scan. The scan ran VERY quickly and came back with a message that said it didn’t find anything and there was nothing to remove. It then asked me to restart the machine, and that’s where the trouble began. The machine shut down OK, but the restart is hung. There’s only the northern lights background screen. No spinning wheel, icons, etc., just the frozen screen. The mouse works, but that’s it. I tried shutting down and restarting via the on-off button with the same results. So, I’m hung.”

He later added an update to say that after restarting again, he was able to log into the machine as one user, but not another.

I’ve written to Kaspersky for more information, and I’ll update this post if I can learn more.

In the meantime, the antivirus firm F-Secure is also offering a Flashback removal tool here. Apple has said that it’s developing its own cleanup application for Flashback, but hasn’t said when the tool will be available.

Update: Apple has now issued its own removal update to disinfect machines running Flashback, which also automatically uninstalls Java from any machine that hasn’t recently used it as a measure to prevent reinfection.

Update again: Kaspersky has now fixed and reissued its Flashback removal tool.

Comments

When I found out about the Flashback malware I checked for some tools to see if I have it, so I stumbled across a tool from Bitdefender called “Bitdefender Virus Scanner”. Seems that my Mac was clean and everything is still in its place, even my settings :). The tool can be found on the Apple store.